Spamhaus listed an entire /16

randvegeta Member, Host Rep

We rent a few IPs from various companies. We have a few ranges from Host1Plus.

Several days ago, an entire /16 under H1P was blacklisted by spamhaus.

https://www.spamhaus.org/sbl/query/SBL369111

Now I understand the desire to put pressure on a host to take action, but this is ridiculous. A /16 = 65,536 IP addresses.

From what I can see in the SBL report, there are some 30-40 cases on the whole /16. Most of the IPs I believe are leased by other companies using their own AS, and so are not under direct control of H1P.

Even if H1P wanted to take back an entire subnet, it is not always so easy as removing a route object from RADB or other DBs does not guarantee that the IPs will stop being routed.

This action by Spamhaus seems rather excessive.


Comments

  • Yeah, H1P's main business is leasing ranges so this is super excessive. An entire /16 because of 40 listings?

    Mental.

  • randvegeta said: This action by Spamhaus seems rather excessive.

    Agreed.

  • Classic Spamhaus bullshit.

  • Bullshit! Every day Spamhaus is getting more ridiculous, really ...

    Thanked by 1 joeri
  • Suggestion: why don't some providers here, preferably incl. some bigger ones, build - and then use - an alternative "spamhaus" but done the right way?

    Complaining about spamhaus won't change things. So much we know since years. From what I see there are 3 options:

    • continue as usual and wait till you are raped
    • "kill" them. Quite difficult as they have big corps and orgs behind them. A lawsuit, for instance, promises little
    • create a better alternative and promote that i.a. with your large customer base.
  • randvegeta Member, Host Rep

    @bsdguy said:
    Suggestion: why don't some providers here, preferably incl. some bigger ones, build - and then use - an alternative "spamhaus" but done the right way?

    Complaining about spamhaus won't change things. So much we know since years. From what I see there are 3 options:

    • continue as usual and wait till you are raped
    • "kill" them. Quite difficult as they have big corps and orgs behind them. A lawsuit, for instance, promises little
    • create a better alternative and promote that i.a. with your large customer base.

    I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.

  • If people cease using them, and they're no longer ~~bribed~~ sponsored, they'll eventually go away.

  • caracal Member
    edited September 2017

    Quick, someone try to get 24.0.0.0/8 blocked, maybe they'd become irrelevant then

    --

    side note, is this the first time they blocked a /16?

  • @randvegeta said:
    I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.

    It won't be easy and it won't be fast, so far I agree.

    However: If someone does it free and right, if someone creates the right blend, it will take off and spamhaus will become less powerful.

    Things start small. But they should start.

    As an experienced IT guy, let me offer 2 thoughts:

    • one needs a good input filter so as to avoid false listings (due to malevolence, pranks, etc)

    • one needs a good reputation mechanism linked to both IP ranges and companies.

    And obviously one needs a good interface and delisting procedure.

    It could be done, it won't be very expensive, and it will be relatively cheap to run. And hey, you hosters are at the source, you are at an excellent position.

  • AnthonySmith Member, Patron Provider

    I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

  • Are you seriously suggesting a legume DDoS?

    Thanked by 1 FoxelVox
  • AnthonySmith Member, Patron Provider

    WSS said: Are you seriously suggesting a legume DDoS?

    yes, yes I am.

    Thanked by 2 FoxelVox WSS
  • we-dont-give-a-fuck-haus

  • randvegeta Member, Host Rep
    edited September 2017

    To be perfectly honest, I think the only way to really solve the mail problem is to make mail actually cost something. And that is not to say there would be some service provider getting rich off legitimate e-mail, but if you could imagine the following.

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10. The value is received by the recipient of the E-mail and so there is a financial reward for receiving an e-mail. On the other hand it would cost the same amount to send out email. In normal cases, where people send/receive roughly equal amounts of email, overall, it would effectively be free.

    By requiring this token, it would be prohibitively expensive to use as a means of sending spam. Initial 'deposit' would be small and ongoing, actual use would effectively be free.

    In the case where you start receiving payment for every mail, you may then actually WELCOME and WANT SPAM.

    Thanked by 1 elwebmaster
  • @AnthonySmith said:
    I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

    Would we call it Distributed Denial of Peanuts

    Thanked by 1 Aidan
  • @randvegeta said:
    To be perfectly honest, I think the only way to really solve the mail problem is to make mail actually cost something. And that is not to say there would be some service provider getting rich off legitimate e-mail, but if you could imagine the following.

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10. The value is received by the recipient of the E-mail and so there is a financial reward for receiving an e-mail. On the other hand it would cost the same amount to send out email. In normal cases, where people send/receive roughly equal amounts of email, overall, it would effectively be free.

    By requiring this token, it would be prohibitively expensive to use as a means of sending spam. Initial 'deposit' would be small and ongoing, actual use would effectively be free.

    In the case where you start receiving payment for every mail, you may then actually WELCOME and WANT SPAM.

    That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

  • randvegeta Member, Host Rep

    jetchirag said: That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

    But you don't receive the value either.

    If you start getting paid $0.10 for every e-mail, you may not care so much. If I disabled my spam filter, I would get hundreds of spams per day. That could be 10s of dollars :-)

    Thanked by 1 jetchirag
  • The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

  • randvegeta Member, Host Rep

    farnox said: The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

    Just because a listing is old does not mean the problem is current.

    We occasionally get IPs listed and normally we take action right away but the listing remains in place until we specifically request a delisting. And we don't request delisting until we need it (waste of time otherwise).

  • @jetchirag said:

    @AnthonySmith said:
    I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

    Would we call it Distributed Denial of Peanuts

    I believe it'd be a Distributed Overabundance of Peanuts.

    Thanked by 1 jetchirag
  • WebProject Host Rep, Veteran

    The reason for blocking: botnet, botnet controller, hosting botnet spammers and illegal activity on their servers like carders forum. I do believe Spamhaus did the right step to block such activity!

    Thanked by 1 bacloud
  • @randvegeta You should. Spamhaus removes them in a couple of hours.

    Thanked by 1 vimalware
  • @randvegeta said:

    jetchirag said: That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

    But you don't receive the value either.

    If you start getting paid $0.10 for every e-mail, you may not care so much. If I disabled my spam filter, I would get hundreds of spams per day. That could be 10s of dollars :-)

    Maybe it could work if we can add some senders to an exempt list, otherwise pricing of many services would go unpredictable. Is it even possible to do so? It would be 100x harder to get this into action than creating Spamhaus's alternative

  • KuJoe Member, Host Rep
    edited September 2017

    I have mixed feelings about Spamhaus, the internet is a shitty place in general and Spamhaus is the only real organization that has the power and ability to "police" the internet. Yes, blacklisting an entire /16 is a heavy move... but looking at the stuff that's hosted on that IP space some of it just can't be allowed to live on the internet. I understand some providers don't want to invest any time or money to keep their IP space clean (it's more profitable for them not to), but when you lease IP space this is one of your primary jobs.

    Hopefully Host1Plus can get things under control and clean up their IP space.
    Hopefully Spamhaus can figure out a better system to offer better transparency and to better punish the people who deserve it while limiting the impact to legitimate clients.
    Hopefully a competing service appears that rivals Spamhaus to reduce the power they have over companies (and to better punish hosts who don't care).

    But in the end, we're stuck with what we have so hosts need to be diligent. After all, it is our responsibility to help keep the internet clean.

    This is just my opinion. I personally go above and beyond to run a legal and ethical company so I know the kind of work required for it and I also know how rich I could be right now if I didn't care (no seriously, I've had outrageous offers to compromise my ethics and I completely understand that some people cannot afford to pass up those offers).

    Thanked by 1 marrco
  • AnthonySmith Member, Patron Provider

    KuJoe said: Hopefully Host1Plus can get things under control and clean up their IP space.

    Do host1plus own the entire /16 do you know?

  • jar Patron Provider, Top Host, Veteran

    @randvegeta said:

    farnox said: The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

    Just because a listing is old does not mean the problem is current.

    We occasionally get IPs listed and normally we take action right away but the listing remains in place until we specifically request a delisting. And we don't request delisting until we need it (waste of time otherwise).

    Sounds like it's not a waste of time if a range listing bothers you. Remember this is just SBL, if it doesn't bother your customers then it's fine. But if it does, then you should probably be talking to spamhaus.

  • Neoon Community Contributor, Veteran
    edited September 2017

    Well, if Providers do not clear out the IP space, I would even blacklist a /8.

    As soon as you go deep enough, they will care.

  • KuJoe Member, Host Rep

    @AnthonySmith said:

    KuJoe said: Hopefully Host1Plus can get things under control and clean up their IP space.

    Do host1plus own the entire /16 do you know?

    The limited research I've done points to yes and for Spamhaus' sake I really hope so. If Spamhaus blacklisted IPs not belonging to Host1Plus because of Host1Plus' actions then there should be large scale riots.

  • MikeA Member, Patron Provider

    @farnox said:
    @randvegeta You should. Spamhaus removes them in a couple of hours.

    I have to agree here. Spamhaus has contacted me (or I contacted them too) because some, very few IPs a long time ago clients used were listed for botnet controllers, I replied within a few hours confirming the problem and dealing with it, they replied and delisted the same day. Maybe spam or other reasons for blacklisting are handled differently, but they've always been respectful and quick for me so I've done the same for them.

    This is the same for every company I deal with, I suspect they ignored them or were a dick, in return they got ignored or dick responses.

    Thanked by 2 farnox vimalware
  • randvegeta Member, Host Rep

    @MikeA said:

    @farnox said:
    @randvegeta You should. Spamhaus removes them in a couple of hours.

    I have to agree here. Spamhaus has contacted me (or I contacted them too) because some, very few IPs a long time ago clients used were listed for botnet controllers, I replied within a few hours confirming the problem and dealing with it, they replied and delisted the same day. Maybe spam or other reasons for blacklisting are handled differently, but they've always been respectful and quick for me so I've done the same for them.

    This is the same for every company I deal with, I suspect they ignored them or were a dick, in return they got ignored or dick responses.

    If I receive a report I respond immediately, normally informing them that the account was suspended. But suspension isn't technically resolving the problem and I don't always follow up after termination or other notification. But in such cases it is normally a /32 at play and not of great concern. This /16 blacklisting is way over the top and I have no recourse.
